I have recently come across an issue where good people wish to convey information about malicious websites to everyone. They’re doing very good work trying to keep us all safe and informed by discussing malicious website URLs (Universal Resource Locators), particularly on Twitter. Unfortunately Twitter creates a link in the text to anything looking like a URL. This means malicious websites that are mentioned by their URLs are given links allowing readers to accidentally go to them.
This article covers some of the issues involved when using a Digital Signature. Each Digital Signature is generated from a Digital Certificate (otherwise known as a Digital ID) issued by a certifying authority.
All examples given are created using Microsoft Outlook 2010 on a PC using Microsoft Windows 10, but the principles apply to other versions of Outlook and other email clients.
In December 2009 the European Union obliged Microsoft to offer a choice of browsers to their European customers when they installed new versions of Windows. This browser choice was also delivered in updates to Windows and so the Browser Choice screen was born and has been with us ever since. See my featured image of Microsoft’s browser choice screen offering Google Chrome, Internet Explorer, Safari, Mozilla Firefox and the Opera browsers amongst others.
Browser Choice Ends
It turns out that this requirement by the EU had a time limit of five years, which has now expired. Consequently Microsoft have quietly withdrawn the option to choose other browsers and returned to providing Internet Explorer alone. People can of course continue to use other browsers with Windows as they see fit, but Internet Explorer is now what comes out of the box.
The recently discovered Backdoor Trojan Regin is a piece of malware found by the software security company Symantec. Its purpose is to spy on the activities taking place on computers. It can collect passwords, capture screen images and even recover deleted files.
The Backdoor Trojan Regin has been made to operate in five stages, the last two being encrypted to make it very difficult to discover and understand. If any stage were to be discovered, it would say little about the other stages. Two stages are specifically given over to loading each other and the other stages. You can download a comprehensive PDF file from Broadcom describing Regin in detail at this Broadcom (previously Symantec) site. Selecting this link may automatically download the regin-top-tier-espionage-tool-15-en.pdf file into your download folder and display it in your PDF reader. To get access to this file manually go to:
Select that link on the page to download the file.
Backdoor Trojan Regin appears to have been developed as far back as 2008 and, given its sophisticated nature, was probably developed by a nation state as opposed to criminals. It appears to have been withdrawn from use by its masters in 2011 and a new version reintroduced in 2013.
Regin infections have been found in the following countries:
Regin infections are distributed across these sectors as follows:
Airline – 5%
Energy – 5%
Hospitality – 9%
Research – 5%
Small Businesses & Private Individuals – 48%
Telecoms Backbone – 28%
The Backdoor Trojan Regin has been made extremely stealthy, so that it is very hard to determine what it is up to even after discovery. It could go undetected for years. For those interested, it uses RC5 encryption, which isn’t commonly used.
While updating software on a friend’s Windows 8.1 PC he remarked that he could no longer see the Norton Safe Web (NSW) icons in his search results. He was using Internet Explorer with Google as his home page and search engine. He had Norton Internet Security (NIS) installed and the Norton Toolbar was present in his browser. At the time I couldn’t find a solution to his problem so I came home and conducted tests on my Windows 7 PC which also uses NIS.
The featured image at the top of the page shows how it looks when it works OK and an NSW icon is selected.
There is a vulnerability (flaw) which allows targeted attacks via Internet Explorer versions 6 through 11 to be made on MS Windows PCs.
The attack seems complex to me and probably not easily made against the masses. The ultimate goal of an attacker would be to encourage a PC user to visit dangerous websites.
Microsoft plan to fix the problem with updates distributed in their normal way, i.e. monthly updates.
If you want to find out more you can visit ITPRO here. Some PCs will be more vulnerable than others depending on what version of Windows is used and whether Outlook, Outlook Express or Windows Mail are viewing an HTML document.
A friend found they had got MSN as their Home page and asked me how they could make Google the Home page in Windows 7.
What They Saw
I haven’t seen their screen but I would expect it to look like the screen shot above, when they select their Home page, with MSN showing. Here I have recreated their situation and then selected Tools on the Command Bar. In this example the Command Bar is very short and placed at the end of the Favourites Bar. Most of the commands, including Tools, show on a drop-down menu which appears when the chevrons are selected at the right-hand end of the Command Bar.
I don’t necessarily want Internet Explorer Suggested Sites on my Favourites Bar in Internet Explorer. I just want My Favourites. Yes, I’m talking about the Suggested Sites shortcut which appears on the Favourites Bar and defies all attempts to remove it permanently. Deleting the shortcut from the Favourites Bar does not prevent it from returning.
Trend Micro says employees pose security risks to businesses by their carelessness. So don’t allow access to your business data through your employees. Data is exposed by Wi-Fi hijacking and by employees losing mobile devices.
For a week now it has been known that there is an IE9 Zero Day Vulnerability.
Get This Zero Day Vulnerability Fixed
Now Microsoft have published a fix which came to me today in the form of an update as follows (for Windows 7):
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2744842)
Update type: Important
Security issues have been identified that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install the update, you may have to restart your computer.